Project for the Security Engineering course at ETH. We implemented the access control of a web application for managing events. For the project, we used GraphQL Shield. Implementation by Clemente Paste and Freya Murphy.
To run and build the project, you need to install:
After you have installed the necessary tools, you need to set up a database. For this, execute the following commands:

```powershell
cd scripts
./db.ps1
./setup.ps1
```
Whenever you want to connect to the database, you can execute `scripts/mongo.ps1` to open a MongoDB shell.
To compile and start the server, you initially need to run `npm install` once.

Then, you first need to start the database (`scripts/start.ps1`, might be necessary after rebooting, too) and then run one of the commands:

- `npm run server` (project part II)
- `npm run server-rbac` (project part III)
To provide you with an overview of the repository, we list all important folders and files here. The respective folders contain another README detailing how they work.

| File | Explanation |
|---|---|
| `index.ts` | Provides an API to create the GraphQL server |
| `start.ts` | Script to run the server |
| `datamodel/` | Contains all datamodel definitions |
| `permissions/` | Contains access control rules written in graphql-shield |
| `rb_permissions/` | Contains role-based access control rules written in graphql-shield |
| `resolvers/` | Contains all GraphQL resolvers for the schema `datamodel/gql-schema.ts` |
| `scripts/` | Contains database scripts |
| `tests/` | Contains test cases |